social security number, driver’s license number, or other government issued identification, or

account or card numbers + access codes,

or

2. information that identifies an individual + concerns a health condition or healthcare

If you answered “yes” to either of those two questions, your business is at risk of a data breach.

That information is called “Sensitive Personal Information” (SPI) under Texas law. If that SPI is taken, accessed, or its confidentiality or integrity is compromised, your business must give proper notification to all of the individual data subjects whose SPI was compromised. Because that SPI is entrusted to your business for safe keeping, a compromise can be something as simple as one of your employees taking copies of the SPI with her when she leaves to go work for a competitor, since that SPI is no longer secure within your business, but is now disclosed to another business.

The penalty for failing to notify the data subjects of the breach is up to $100.00 per individual per day for the time the notification is delayed but cannot exceed $250,000 for a single breach.

If the SPI is encrypted, however, there is no data breach unless the one who obtains the SPI has access to the decryption key.

Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud and data privacy law. He is a Cybersecurity & Data Privacy Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

Like this:

Published by Shawn E. Tuma

Shawn Tuma is an attorney who is internationally recognized in cybersecurity, computer fraud and data privacy law, areas in which he has practiced for nearly two decades. He is a Partner at Spencer Fane, LLP where he regularly serves as outside cybersecurity and privacy counsel to a wide range of companies from small to midsized businesses to Fortune 100 enterprises. You can reach Shawn by telephone at 972.324.0317 or email him at stuma@spencerfane.com.
View all posts by Shawn E. Tuma

Meta

DISCLAIMER

This Site is only provided for educational purposes and as a public resource for general information about Shawn E. Tuma. This site, or anything provide through this site, does not constitute legal advice and is not intended to constitute advertising or solicitation for legal services. Nothing in this Site should be construed by you as a source of legal advice. You should not rely or act upon the contents of this Site without seeking advice from your own attorney. Use and access to this Site or any materials or information provided on this Site does not create an attorney-client relationship between you and Shawn E. Tuma, or the law firm at which Shawn E. Tuma may be employed. Any information submitted by you to Shawn E. Tuma via this Site, an email, or any form of social media communication will not be considered an attorney-client communication or otherwise be treated as confidential or privileged in the absence of an executed Engagement Agreement between you and Shawn E. Tuma. The views expressed on this site are those of the author alone and not his employer.
Google